<?php
class UsersController extends AppController {
	
	var $components = array('Auth','Email');
	var $name = 'Users';	
 
	function beforeFilter() {		
		parent::beforeFilter();
		$this->layout="home";		
		$this->Auth->authorize = 'controller';
		//Cac front-end dung login bang User
		$this->Auth->allow(array("index","add","login","logout","forgot_password","reset_password")); //Khong doi quyen login cac action nay
		if($this->UserPermission($this->action)){
		   $this->Auth->userModel = 'User'; // Chuyen qua login User voi action edit (front-end)
		   $this->Auth->fields = array('username' => 'email', 'password' => 'password');
		}
	}

	function isAuthorized() {
		$MY_RULE_ID = 6;
		if ($this->UserPermission($this->action)) {
			return true;//Cho phep front-end
		}else{
		$allow = $this->requestAction('ruleStaffTypes/allow/'.$MY_RULE_ID);
		if ($allow){
			return true;
		}else{
			$this->Session->setFlash(__('Permission denied!',true));
			$this->redirect(array("controller"=>"staffs","action"=>"login","admin"=>false));
			return false;
		}
	}
        return false;
    }
	function index() {
		$this->User->recursive = 0;
		$this->set('users', $this->paginate());		
	}
	function login()
	{
		if ($this->Auth->user()) {
			$this->redirect(array('action' => 'view',$this->Auth->user("id")));
        }				
	}
	function reset_password($id=null, $code=null){
		if ($id!=null && $code!=null){
			$User= $this->User->read(null,$id);
			if ($code==$User["User"]["reset_password"] && !empty($User["User"]["reset_password"])){
				if (strtotime(date("Y-m-d H:i:s"))<= strtotime($User["User"]["reset_password_exprired"])){
					if (!empty($this->data)) {
						$User["User"]["password"]=$this->Auth->password($this->data["User"]["password"]);
						$User["User"]["reset_password"]="";
						$User["User"]["reset_password_exprired"]=date("Y-m-d H:i:s");
						if($this->User->save($User)){
							$this->Session->setFlash(__('Your password is reset!', true));
							$this->redirect(array('action' => 'index'));
						}else{
							$this->Session->setFlash(__('Can\'t reset!', true));
						}
					}
				}else{
					$this->Session->setFlash(__('Confirm code is exprired!', true));
				}
			}else{
				$this->Session->setFlash(__('Confirm code is not valid!', true));
			}			
		}
		$this->set("rid",$id);
		$this->set("rcode",$code);
	}
	function forgot_password()
	{
		if (!empty($this->data)) {
			$email = $this->data["User"]["email"];
			if ($this->User->find('count',array('conditions'=>array('email'=>$email)))<1){
				$this->Session->setFlash(__('Invalid email', true));
			}else{				
				$this->Email->from    = 'Konik <lifopro@gmail.com>';
				$this->Email->to      = 'tlqtvn@gmail.com';
				$this->Email->subject = 'Reset your password - Konik';
				$this->Email->sendAs = 'html';
				$User= $this->User->find('first',array('conditions'=>array('email'=>$email)));
				$User["User"]["reset_password"]=md5(rand(1,100000000));
				$tomorrow  = mktime(date("H"), date("i"), date("s"), date("m")  , date("d")+1, date("Y"));
				$User["User"]["reset_password_exprired"]=date("Y-m-d H:i:s",$tomorrow);
				$this->User->save($User);
				$link = "http://konik.vkscorp.com/konik/users/reset_password/".$User["User"]["id"]."/".$User["User"]["reset_password"];			
				$this->Email->send('Dear '.$User["User"]["last_name"].'<br>Please click the below link to reset your password!<p><a href="'.$link.'">'.$link.'</a></p>');
				$this->Session->setFlash(__('Please check mail to reset your password!', true));
				$this->redirect(array('action' => 'index'));
			}
		}		
	}
	
	function logout() {
		$this->redirect($this->Auth->logout());
	}
	function view($id = null) {
		if (!$id) {
			$this->Session->setFlash(__('Invalid user', true));
			$this->redirect(array('action' => 'index'));
		}
		$this->set('user', $this->User->read(null, $id));		
	}
	
	function add() {
		if (!empty($this->data)) {			
			$this->User->create();
			$email = $this->data["User"]["email"];
			if ($this->User->find('count',array('conditions'=>array('email'=>$email)))>0){
				$this->Session->setFlash(__('The email is existe!', true));
			}else{
				if ($this->User->save($this->data)) {
					$this->Session->setFlash(__('The user has been saved', true));
					$this->Auth->login($this->data);
					$this->redirect(array('action' => 'view',$this->Auth->user("id")));
				} else {
					$this->Session->setFlash(__('The user could not be saved. Please, try again.', true));
				}
			}
		}
		$countries = $this->User->Country->find('list');
		$this->set(compact('countries'));
	}

	function edit($id = null) {
		if (!$id && empty($this->data)) {
			$this->Session->setFlash(__('Invalid user', true));
			$this->redirect(array('action' => 'index'));
		}
		if ($this->Auth->user("id")!=$id){
				$this->Session->setFlash(__('Permission denied!', true));
				$this->redirect(array('action' => 'view',$this->Auth->user("id")));
		}
		if (!empty($this->data)) {			
			$email = $this->data["User"]["email"];
			if ($this->User->find('count',array('conditions'=>array('email'=>$email)))>0){
					$this->Session->setFlash(__('The email is existe!', true));
				}else{
				if ($this->User->save($this->data)) {
					$this->Session->setFlash(__('The user has been saved', true));
					$this->redirect(array('action' => 'view',$this->Auth->user("id")));
				} else {
					$this->Session->setFlash(__('The user could not be saved. Please, try again.', true));
				}
			}
		}
		if (empty($this->data)) {
			$this->data = $this->User->read(null, $id);
		}
		$countries = $this->User->Country->find('list');
		$this->set(compact('countries'));
	}

	function delete($id = null) {
		if (!$id) {
			$this->Session->setFlash(__('Invalid id for user', true));
			$this->redirect(array('action'=>'index'));
		}
		if ($this->User->delete($id)) {
			$this->Session->setFlash(__('User deleted', true));
			$this->redirect(array('action'=>'index'));
		}
		$this->Session->setFlash(__('User was not deleted', true));
		$this->redirect(array('action' => 'index'));
	}
	function admin_index() {
		$this->User->recursive = 0;
		$this->set('users', $this->paginate());
	}

	function admin_view($id = null) {
		if (!$id) {
			$this->Session->setFlash(__('Invalid user', true));
			$this->redirect(array('action' => 'index'));
		}
		$this->set('user', $this->User->read(null, $id));
	}

	function admin_add() {
		if (!empty($this->data)) {
			$this->User->create();
			if ($this->User->save($this->data)) {
				$this->Session->setFlash(__('The user has been saved', true));
				$this->redirect(array('action' => 'index'));
			} else {
				$this->Session->setFlash(__('The user could not be saved. Please, try again.', true));
			}
		}
		$countries = $this->User->Country->find('list');
		$this->set(compact('countries'));
	}

	function admin_edit($id = null) {
		if (!$id && empty($this->data)) {
			$this->Session->setFlash(__('Invalid user', true));
			$this->redirect(array('action' => 'index'));
		}
		if (!empty($this->data)) {
			if ($this->User->save($this->data)) {
				$this->Session->setFlash(__('The user has been saved', true));
				$this->redirect(array('action' => 'index'));
			} else {
				$this->Session->setFlash(__('The user could not be saved. Please, try again.', true));
			}
		}
		if (empty($this->data)) {
			$this->data = $this->User->read(null, $id);
		}
		$countries = $this->User->Country->find('list');
		$this->set(compact('countries'));
	}

	function admin_delete($id = null) {
		if (!$id) {
			$this->Session->setFlash(__('Invalid id for user', true));
			$this->redirect(array('action'=>'index'));
		}
		if ($this->User->delete($id)) {
			$this->Session->setFlash(__('User deleted', true));
			$this->redirect(array('action'=>'index'));
		}
		$this->Session->setFlash(__('User was not deleted', true));
		$this->redirect(array('action' => 'index'));
	}
	function UserPermission($action){
		return ($action == 'index' || $action == 'login' || $action == 'logout' || $action == 'add' || $action == 'edit' || $action == 'view' || $action == 'forgot_password' || $action == 'reset_password');
	}
}
?>